Strengthen Security informations

[gautierchomel]

We received several requests from teams in charge of security at universities libraries considering installing Thorium Reader on public computers. Those are usually:

• penetration testing report, or at least an executive summary of the most recent test;
• a valid ISO 27001 certificate, a SOC 2 Type II report, or an equivalent security certification/assurance report.

By now the information we provide is in a subsection of the ⚙️ Technical Specification page.

We use to answer that

Thorium Reader is a free, open‑source desktop application; it runs locally and handles user content on the user’s device. These certifications apply to the backend services and organisational practices operated by third party, not to the BSD‑licensed client software itself.

However we should consider how to strengthen and formalise that information. This could be through

• a dedicated page,
• a direct link to the security section from the main Thorium 3 page.